Filtered by vendor Ibm
Total: 7946 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43180 | 1 Ibm | 1 Concert | 2024-09-20 | N/A | 4.3 MEDIUM |
| IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | |||||
| CVE-2024-38315 | 1 Ibm | 1 Aspera Shares | 2024-09-20 | N/A | 6.3 MEDIUM |
| IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2024-35118 | 1 Ibm | 1 Maas360 Mdm | 2024-09-19 | N/A | 4.6 MEDIUM |
| IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | |||||
| CVE-2024-39747 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-09-16 | N/A | 8.1 HIGH |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | |||||
| CVE-2024-27257 | 1 Ibm | 2 Openpages Grc Platform, Openpages With Watson | 2024-09-16 | N/A | 4.3 MEDIUM |
| IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. | |||||
| CVE-2024-35143 | 1 Ibm | 2 Planning Analytics Local, Planning Analytics Workspace | 2024-09-11 | N/A | 6.7 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420. | |||||
| CVE-2023-50315 | 1 Ibm | 1 Websphere Application Server | 2024-09-11 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. | |||||
| CVE-2022-33162 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2024-09-07 | N/A | 7.3 HIGH |
| IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570. | |||||
| CVE-2024-45074 | 1 Ibm | 1 Webmethods Integration | 2024-09-06 | N/A | 6.5 MEDIUM |
| IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2024-45076 | 1 Ibm | 1 Webmethods Integration | 2024-09-06 | N/A | 9.9 CRITICAL |
| IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | |||||
| CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | N/A | 5.3 MEDIUM |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | |||||
| CVE-2024-45098 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 6.8 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | |||||
| CVE-2024-45097 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 5.9 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | |||||
| CVE-2024-45096 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 6.5 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | |||||
| CVE-2024-39751 | 1 Ibm | 1 Infosphere Information Server | 2024-08-29 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 | |||||
| CVE-2023-38018 | 1 Ibm | 1 Aspera Shares | 2024-08-29 | N/A | 6.3 MEDIUM |
| IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574. | |||||
| CVE-2024-41773 | 1 Ibm | 1 Global Configuration Management | 2024-08-26 | N/A | 6.5 MEDIUM |
| IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. | |||||
| CVE-2024-41774 | 1 Ibm | 1 Common Licensing | 2024-08-24 | N/A | 4.8 MEDIUM |
| IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. | |||||
| CVE-2023-50314 | 1 Ibm | 1 Websphere Application Server | 2024-08-23 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. | |||||
| CVE-2024-35151 | 1 Ibm | 2 Openpages Grc Platform, Openpages With Watson | 2024-08-23 | N/A | 6.5 MEDIUM |
| IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | |||||
